Skip to main content
close search
site logo
Dive Brief

Philips, DHS flag cyber vulnerability in EKG analysis software

Published July 15, 2019
Maria Rachal's headshot
Maria Rachal Editor
Philips

Dive Brief:

  • Highly skilled, unauthorized users may be able to enable unpurchased system options in a 12-lead electrocardiogram analysis software program made by Philips, according to a cybersecurity advisory Thursday.
  • The alert, issued by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said all versions of the Philips Holter 2010 Plus are affected. The organization rated the vulnerability as having relatively low severity.
  • Philips faced another ICS-CERT call-out in May, when the DHS division flagged an issue with an electronic medical record product that could allow a hacker to compromise patient confidentiality.

Dive Insight:

While the potential for patient harm from this particular Philips cybersecurity issue is not high, it's still part of a trend of discoveries of medical device weaknesses. FDA's Patient Engagement Advisory Committee will meet Sept. 10 to discuss medical device cybersecurity, with a particular focus on how regulators and industry can best inform the public of risks.

Philips proactively reported the vulnerability to the National Cybersecurity and Communications Integration Center. The company said in a statement the issue "does not impact patient safety, patient data integrity or confidentiality or system operations," and it isn't aware of reports of utility or safety of the product being affected.

The ICS-CERT advisory was the second medtech alert of the week. A more serious warning Tuesday highlighted two hospital anesthesia machines: GE's Aestiva and Aespire devices. A cybersecurity firm discovered a medium severity vulnerability in which a hacker could remotely silence alarms, alter time and date records or change composition of aspirated gases.

NCCIC says it's a good idea for users of the Philips software disable unnecessary accounts and services.

"Philips recommends users implement role-based access controls to control physical access to the system," the advisory said. "Further controls are provided by the multiple components required to exploit the vulnerability."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Powerful Medical Becomes the First Company to Win Best Science Startup and Overall Winner at A…
From Powerful Medical
November 21, 2024
Arsenal Medical Launches EMBO-02 Study for NeoCast™ to Assess Treatment of Chronic Subdural He…
From Arsenal Medical
November 14, 2024
New Published Study Shows MedLite ID as Faster and Simpler Solution to Primary Medication Infu…
From Orion Innovations
November 20, 2024
Osteal Therapeutics Announces Positive 12-Month Results from the APEX Clinical Trial Program a…
From Osteal Therapeutics
November 14, 2024
Editors' picks
Latest in Medical Devices
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell